The root password has expired. You reset it via the console on the VMware Cloud Foundation Operations VMs, but when you log in, the status still shows as disconnected. When trying to remediate, you receive the error "Remediate for appliance has failed."

• VMware Cloud Foundation 9.x

• VCF Operations 9.0.x

This issue occurs when the root password expires at the OS level on the appliance, but the Fleet Management database retains the old, expired credentials.

When you attempt to Update in the UI, the system tries to SSH into the appliance using the stored (expired) password to perform the rotation. Because the OS password has already changed or expired, this authentication fails.

Trying to perform an Inventory Sync for the Operations component might also fail with error: LCMCOMMON80063.

Additionally, duplicate or stale inactive password alias entries in the Fleet Management Locker can create conflicts or delays during the sync process, contributing to the failure.

To attempt to resolve this issue, you can try these basic steps:. 

1. Log in to the vSphere Client.

2. Open the Remote Console for the VCF Operations VM.

3. Reset the root password via the command line (if not already done). You should be prompted to change the password.

4. Log in to the VCF Operations UI.

5. Navigate to VCF Operations > Fleet Management > Passwords.

6. Locate the credential for the affected appliance.

7. Select the option to Remediate or Edit the credential.

   • Note: Do not click "Update". 'Update' attempts to log in using the stored (old) password, which will fail if the OS password has expired. 'Remediate' allows you to input the new password directly into the database to match the OS.

8. Input the new password manually set at the OS level.

9. Monitor if the task succeeds

10. Initiate an inventory sync from Fleet Management > Lifecycle, click Manage within the VCF Operations component then click 'Tigger Inventory Sync"

    • Note: If the task fails, go to Fleet Management > Lifecycle > Tasks, click on the value under the Request Status column which opens the task workflow. Click 'Retry" and choose the correct password alias, then Submit
      
11. Monitor the task to be completed or resolve any errors

12. Verify that the account status changes from "Disconnected" to "Active" from the Passwords page

    • Note: The backend password sync operation can take anywhere from 1 to 24 hours to complete (even after inventory sync is complete). If SSH access is working and the password alias is updated, the status should eventually show as Active. You may still get the error: "Remediate for appliance has failed." but ignore and check back on the UI after 24 hours.

If the issue persists, reference KB 422725 - VCF Operations root account showing disconnected in VCF Operations Manager UI which includes steps for taking the cluster offline, snapshots then cluster online to try and force a synchronization. 

If the accounts still don't show as 'Active'  it may require manually updating the credential in the Fleet Management UI to match the new OS-level password. Contact Support for assistance as the UI is not exposed natively in VCF 9.0.x

• KB 422725 - VCF Operations root account showing disconnected in VCF Operations Manager UI

• KB 412001 - Get SSH Password for VCF Automation 9.0.x or VCF Identity Broker 9.0.x

• Doc - Managing Passwords for VMware Cloud Foundation Components

• Doc - Schedule Password Rotation for VMware Cloud Foundation Products